Unfortunately, we will show that wrong conclusions are made for the performance comparison between  and , probably due to a wrong translation, as  was expressed as a discrete logarithm problem (DLP) and  as an ECDLP
. In addition, we add another certificate based and pairing free signature scheme, similar to the scheme of , following ideas of , where the signature scheme is based on the proposal of Schnorr .
It is known that the discrete logarithm problem based on ECC (ECDLP
) of any elliptic curve element that has a public point known base point, is harder than the discrete logarithm problem (DLP) over the finite field [F.sub.q]
The proposed protocol is existentially unforgeable against adaptive chosen-message attacks (EUF-CMA-II) of the Type I adversary [A.sub.1] in the random oracle model under the ECDLP
When trying to obtain t, r, or any valuable information, the attacker faces the computational Diffie-Hellman problem and ECDLP
. Any modification on the messages will be detected, because R and T are signed by private keys r and t' respectively, and the received ID is compared with the stored ID;.
The security of elliptic curve cryptography is based on the difficulty of the ECDLP
. Like any other discrete logarithm problem, ECDLP
can be solved by generic algorithms such as the Baby-Step Giant-Step method  and Pollard rho method .
It is based on Diffie-Hellman key exchange algorithm supported by the difficulty of Elliptic Curve Discrete Logarithm Problem (ECDLP
) and based on using a strong cryptographic one-way hash function.
Elliptic Curve Discrete Logarithm Problem (ECDLP
): Given the equation P = kG where P, G [member of] [E.sub.p](a, b) and k < p, it is relatively easy to compute P when the values of k and G are known, but it is hard to evaluate k given the values of P and G.
Some constructions further utilize the bilinear pairing to enhance the functionalities and performance [14, 15], but the security of these constructions was also rooted in the intractability assumption of ECDLP
. Unfortunately, IFP and DLP as well as ECDLP
could be efficiently solved by Shor's quantum algorithms [16, 17] and its extensions .
, se plantea asi: dados E y un multiplo escalar Q de G, determinar un entero a tal que Q = aG.
If an adversary Ab has a nonnegligible advantage E against the IND-CLGSC-CCA2-I security of our scheme and Performing [mathematical expression not reproducible], queries to oracles Ht (i = 0, 1, 2), [q.sub.ppk] Extract-Partial-Private-Key queries, and [q.sub.sk] Set-Private-Key queries, then there is an algorithm that solves the ECDLP
problem with probability [mathematical expression not reproducible].
Definition 3.2.2 (ECDLP
, Elliptic Curve Discrete Logarithm Problem).
Mohanty, "An ECDLP
based untraceable blind signature scheme," in Proceedings of the Circuits, Power and Computing Technologies (ICCPCT), International Conference on.